Bold Themes
Products
13- 26 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
39| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-68541 | Cri | 0.64 | 9.8 | 0.00 | Feb 20, 2026 | Deserialization of Untrusted Data vulnerability in BoldThemes Ippsum ippsum allows Object Injection.This issue affects Ippsum: from n/a through <= 1.2.0. | ||
| CVE-2025-67997 | Cri | 0.64 | 9.8 | 0.00 | Feb 20, 2026 | Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection.This issue affects Travelicious: from n/a through < 1.6.7. | ||
| CVE-2025-67996 | Cri | 0.64 | 9.8 | 0.00 | Feb 20, 2026 | Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection.This issue affects Nestin: from n/a through < 1.2.6. | ||
| CVE-2025-64233 | Cri | 0.64 | 9.8 | 0.00 | Dec 18, 2025 | Deserialization of Untrusted Data vulnerability in BoldThemes Codiqa codiqa allows Object Injection.This issue affects Codiqa: from n/a through < 1.2.8. | ||
| CVE-2025-54723 | Cri | 0.64 | 9.8 | 0.00 | Dec 18, 2025 | Deserialization of Untrusted Data vulnerability in BoldThemes DentiCare denticare allows Object Injection.This issue affects DentiCare: from n/a through < 1.4.3. | ||
| CVE-2025-60216 | Cri | 0.64 | 9.8 | 0.01 | Oct 22, 2025 | Deserialization of Untrusted Data vulnerability in BoldThemes Addison addison allows Object Injection.This issue affects Addison: from n/a through < 1.4.8. | ||
| CVE-2025-52724 | Cri | 0.64 | 9.8 | 0.00 | Jun 27, 2025 | Deserialization of Untrusted Data vulnerability in BoldThemes Amwerk amwerk allows Object Injection.This issue affects Amwerk: from n/a through <= 1.2.0. | ||
| CVE-2025-39499 | Cri | 0.64 | 9.8 | 0.01 | May 23, 2025 | Deserialization of Untrusted Data vulnerability in BoldThemes Medicare medicare allows Object Injection.This issue affects Medicare: from n/a through <= 2.1.0. | ||
| CVE-2025-39495 | Cri | 0.64 | 9.8 | 0.01 | May 23, 2025 | Deserialization of Untrusted Data vulnerability in BoldThemes Avantage avantage allows Object Injection.This issue affects Avantage: from n/a through <= 2.4.9. | ||
| CVE-2026-27369 | Hig | 0.53 | 8.1 | 0.00 | Mar 5, 2026 | Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through <= 1.3.6. | ||
| CVE-2023-38391 | Med | 0.44 | 6.7 | 0.01 | Nov 4, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1. | ||
| CVE-2026-25451 | Med | 0.42 | 6.5 | 0.00 | Feb 19, 2026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.6.9. | ||
| CVE-2025-66057 | Med | 0.42 | 6.5 | 0.00 | Nov 21, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM-Based XSS.This issue affects Bold Page Builder: from n/a through <= 5.5.2. | ||
| CVE-2025-58194 | Med | 0.42 | 6.5 | 0.00 | Aug 27, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.4.3. | ||
| CVE-2025-54006 | Med | 0.42 | 6.5 | 0.00 | Jul 16, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.4.1. | ||
| CVE-2025-47488 | Med | 0.42 | 6.5 | 0.00 | May 7, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM-Based XSS.This issue affects Bold Page Builder: from n/a through <= 5.3.2. | ||
| CVE-2024-53801 | Med | 0.42 | 6.5 | 0.00 | Dec 6, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.2.1. | ||
| CVE-2024-47298 | Med | 0.42 | 6.5 | 0.00 | Oct 6, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.1.1. | ||
| CVE-2024-47391 | Med | 0.42 | 6.5 | 0.00 | Oct 5, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through < 5.1.1. | ||
| CVE-2024-2137 | Med | 0.42 | 6.4 | 0.00 | Apr 12, 2024 | The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions up to, and including, 2.5.1 due to insufficient input sanitization… |
- risk 0.64cvss 9.8epss 0.00
Deserialization of Untrusted Data vulnerability in BoldThemes Ippsum ippsum allows Object Injection.This issue affects Ippsum: from n/a through <= 1.2.0.
- risk 0.64cvss 9.8epss 0.00
Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection.This issue affects Travelicious: from n/a through < 1.6.7.
- risk 0.64cvss 9.8epss 0.00
Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection.This issue affects Nestin: from n/a through < 1.2.6.
- risk 0.64cvss 9.8epss 0.00
Deserialization of Untrusted Data vulnerability in BoldThemes Codiqa codiqa allows Object Injection.This issue affects Codiqa: from n/a through < 1.2.8.
- risk 0.64cvss 9.8epss 0.00
Deserialization of Untrusted Data vulnerability in BoldThemes DentiCare denticare allows Object Injection.This issue affects DentiCare: from n/a through < 1.4.3.
- risk 0.64cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in BoldThemes Addison addison allows Object Injection.This issue affects Addison: from n/a through < 1.4.8.
- risk 0.64cvss 9.8epss 0.00
Deserialization of Untrusted Data vulnerability in BoldThemes Amwerk amwerk allows Object Injection.This issue affects Amwerk: from n/a through <= 1.2.0.
- risk 0.64cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in BoldThemes Medicare medicare allows Object Injection.This issue affects Medicare: from n/a through <= 2.1.0.
- risk 0.64cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in BoldThemes Avantage avantage allows Object Injection.This issue affects Avantage: from n/a through <= 2.4.9.
- risk 0.53cvss 8.1epss 0.00
Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through <= 1.3.6.
- risk 0.44cvss 6.7epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.6.9.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM-Based XSS.This issue affects Bold Page Builder: from n/a through <= 5.5.2.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.4.3.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.4.1.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM-Based XSS.This issue affects Bold Page Builder: from n/a through <= 5.3.2.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.2.1.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.1.1.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through < 5.1.1.
- risk 0.42cvss 6.4epss 0.00
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions up to, and including, 2.5.1 due to insufficient input sanitization…